“Our research shows how an attacker in close proximity (WiFi), or an attacker who already hijacked our PC (USB), can also propagate to and infect our beloved cameras with malware. Imagine how would you respond if attackers inject ransomware into both your computer and the camera, causing them to hold all of your pictures hostage unless you pay ransom”, — report Check Point researchers.
Researchers discovered vulnerabilities in Canon cameras and demonstrated such an attack using the Canon EOS 80D SLR camera, which they eventually infected with a ransomware via a Wi-Fi connection.
At first, experts carefully examined the implementation of PTP in Canon cameras. Then they studied all 148 supported commands, and then narrowed the list to 38 of them that have an input buffer. Thus, six different problems were identified. The list of vulnerable teams and their unique identifiers can be seen below. It is worth noting that not all of these vulnerabilities must be exploited for unauthorized access to the camera.
The second and third vulnerabilities found in the commands turned out to be related to Bluetooth, although used in study camera does not support this type of connection at all.
Researchers say they started checking the camera from a regular connection to a computer using a USB cable. A wireless connection cannot be used when the camera is connected via USB, however, experts could still test and adjust their exploit, using the second vulnerability from the list above, until they succeeded in executing the code through the USB connection.
However, after switching to a wireless connection, the exploit simply stopped working, and the camera was malfunctioning. The fact is that sending a Bluetooth status notification when connecting via Wi-Fi confused the camera (especially considering that it does not even support Bluetooth).
Then the researchers continued to search for other bugs and found a problem that allows remote firmware upgrade without user’s interaction. Reverse engineering helped to identify the keys to verify the legitimacy of the firmware and its encryption.
Read also: New Dragonblood Vulnerabilities Affect WPA3 and Reveal Wi-Fi Passwords
Such a firmware update will have all the correct signatures, and the camera will take it for a legitimate one. As a result, experts not only were able to create an exploit that works both via USB and Wi-Fi, but at the same time they found a way to encrypt files on the camera’s memory card. For this, were used same cryptographic functions that as for the firmware update process. The video below demonstrates the attack on the Canon EOS 80D via Wi-Fi and the encryption of the camera.
Canon has already published a security bulletin on issues discovered. The document states that the company is not aware of the use of these bugs by cybercriminals, and also contains links to updated versions of firmware. So, for European and Asian users, updates to version 1.0.3. Available from July 30 this year, and for American owners of vulnerable cameras, the update was published on August 6.
About Adblockelite.xyz Adblockelite.xyz pop-ups can not open out of nowhere. If you have clicked some…
About Appcloud-center.com Appcloud-center.com pop-ups can not open out of nowhere. If you have actually clicked…
About Groopheetex.com Groopheetex.com pop-ups can not expose out of nowhere. If you have clicked on…
About Vidstreambox.com Vidstreambox.com pop-ups can not expose out of the blue. If you have actually…
About Mac-uptodate.com Mac-uptodate.com pop-ups can not introduce out of the blue. If you have actually…
About Taffetlervers.com Taffetlervers.com pop-ups can not expose out of the blue. If you have clicked…